Extract interpreter, compiler name and version, to check for vulnerabilities (Gemnasium)
Problem to solve
Dependency Scanning mostly rely on the Gemnasium analyzer which only tracks the packages the scanned projects depend on (like the Ruby gems) but not the interpreter or compiler the scanned projects use (like the specific implementation of Ruby, and its version). The interpreter or compiler name and version has to be extracted by Gemnasium, to then be compared to gemnasium-db, the vulnerability database Gemnasium relies on.
The issue is about finding ways to extract the name and version of each interpreter or compiler the scanned project uses. This should cover all languages currently supported by the Gemnasium analyzer: Java, Ruby, PHP, Python, and NodeJS.
Further details
Proposal
Permissions and Security
No change.
Documentation
No change. To be covered by #10588 (closed).
Availability & Testing
What does success look like, and how can we measure that?
Gemnasium reports the compiler or interpreter name and version, which can then be compared to security advisories of the vulnerability database.